Development and Maintenance. Entrust's information security program includes policies, standards, and processes for System Development Lifecycle (SDLC) that are aligned with industry recognized practices for the secure management of systems throughout their lifecycle. Phases of the SDLC includes: Requirements, Design, Implementation, Testing, Deployment, Operations, Maintenance, and Retirement. . Vulnerability identification and remediation are a central focus with the goal to minimize the number of security flaws in Entrust products and services, and to minimize the impact to Customer when such flaws are discovered. The processes described herein apply to Entrust products and services and components of a partner system that may be used in conjunction with an Entrust product or service. The program will ensure that SDLC processes are consistent with Entrust information security goals and expectations. Additionally, system baselines will be established to support Entrust software and firmware within the lifecycle (e.g., source repositories) and to support deployment into production environments. Where practical, system baselines will be aligned with compliance requirements.
Appears in 2 contracts